Analysis

Council of Europe warns against arbitrary use of digital contact tracing applications

emerging europe contact tracing app

In a joint statement, the chair of the Council of Europe’s data protection Convention 108 committee, Alessandra Pierucci, and the Council of Europe’s Data Protection Commissioner, Jean-Philippe Walter, have warned about the possible side effects of digital contact tracing applications in the prevention of the Covid-19 pandemic and call for adequate safeguards to be put in place to prevent risks to personal data and privacy.

Since the start of the pandemic, governments and stakeholders involved in the fight against the virus have been relying on data analytics and digital technologies to address this threat. Mobile applications have been used in some countries and are being considered in others as a complementary response to the need to rapidly perform contact monitoring.

Aiming to contribute to the reflections currently underway in many countries, the statement has been issued in order to recall that, wherever such solutions are chosen, strict legal and technical safeguards would need to be in place to mitigate the risks to the protection of personal data and privacy.

If these applications are deployed, it should be for a limited duration only and solely on a voluntary basis. These applications should include specifics “by design” to prevent or minimise risks, such as ensuring that location data of individuals are not used, that no direct identification is possible or that re-identification is prevented.

“Tools which rely on the processing of personal data have an impact on the privacy and data protection, and other fundamental rights and
freedoms of individuals,” reads the statement. “It is crucial, therefore, to ensure that the measures and related data processing are necessary and proportionate in relation to the legitimate purpose pursued and that they reflect, at all stages, a fair balance between all interests concerned, and the rights and freedoms at stake.”

The statement adds that the acceptability of a digital contact tracing system clearly depends on the trust that such a system can inspire, and deliver. As public trust is essential for the broad adoption of the system, it is important to highlight that trust can be significantly strengthened through the integration of privacy enhancing features, and transparent information of the persons, regarding in particular the functioning of the system, its purpose and the data processed.

“Achieving broad acceptability can thus be supported by implementing a trustworthy system, which is not imposed upon people but used on a voluntary basis instead. This also means that there should be no negative consequences imposed for not participating in the system,” reads the statement, which goes on to say that since the Covid-19 pandemic knows no frontiers, interoperability between systems should be ensured to enable the exchange of available information beyond national borders, provided that the necessary safeguards are ensured, including appropriate grounds for transferring data, robust security measures, and means to ensure accuracy of inbound and outbound data.

The statement follows a first joint declaration on the right to data protection in the context of the Covid-19 pandemic, issued in March.

Apple and Google are partnering to build contact tracing tech that uses people’s smartphones to track the spread of Covid-19, and while the technology won’t be released until May, many governments across the world are already committing to use it.

Unlike many news and information platforms, Emerging Europe is free to read, and always will be. There is no paywall here. We are independent, not affiliated with nor representing any political party or business organisation. We want the very best for emerging Europe, nothing more, nothing less. Your support will help us continue to spread the word about this amazing region.

You can contribute here. Thank you.

emerging europe support independent journalism